CVE-2021-42258
BillQuick Web Suite SQL Injection (CVE-2021-42258) affects BEQ BillQuick Web Suite 2018–2021 prior to 22.0.9.1. The vulnerability is an SQL injection in the txtID/username parameter that enables unauthenticated remote code execution, including the potential to run code as MSSQLSERVER$ via xp_cmds...